DDrury at christian-aid
Dec 20, 2011, 4:54 AM
Post #3 of 3
(1018 views)
Permalink
|
|
Re: Configuring ntop to use Netflow from ASA
[In reply to]
|
|
Hi,
Just installed the SVN version of ntop as suggested - all the Netflow options are missing. In fact, all the plugins appear to be missing. How do I enable them?
Duncan
-----Original Message-----
From: ntop-bounces [at] listgateway [mailto:ntop-bounces [at] listgateway] On Behalf Of Luca Deri
Sent: 29 November 2011 17:56
To: ntop [at] unipi
Subject: Re: [Ntop] Configuring ntop to use Netflow from ASA
Duncan
I have made some changes to NetFlow in ntop 4.1.x that is in SVN now. Can you please use that one and see if it works?
Thanks Luca
On Nov 28, 2011, at 4:22 PM, Duncan Drury wrote:
> I am hoping to get ntop to help me understand bandwidth in 40 remote offices connecting to our VPN using Cisco ASA 5505.
>
> I am having trouble understanding exactly how I should configure ntop to handle netflow data from the ASAs.
>
> The ntop server is at our head office, connected to the core-switching via one ethernet NIC. It is on the same subnet as our head office ASA 5510s. I have one 5510 at head office, and one in a remote office, configured to send netflow data to the ntop server ip address 172.16.9.124.
>
> Each remote office has its own subnet, with the ASA 5505 in that
> subnet (e.g. Nairobi is 10.6.128.0/24 with ASA at 10.6.128.200)
>
> I have created one Netflow Device in ntop. I configured the Local Collector UDP port to be 2055. I am not clear whether the Virtual Network Interface Network Address is a separate IP address for the Netflow Device, or whether this should be a Network Address (e.g. 172.16.9.0/24), and if it is a network address, should this be the network in which a device I am sending netflow from is (e.g. one of the remote office subnets).
>
> Do I need a Netflow Device per probe (i.e. one for each of my ASA 5505 and ASA 5510s)?
>
> I can see that Netflow data is reaching ntop - the statistics under Plugins > Netflow > Statistics are increasing, including the number of V9 templates received. However, the Summary > Traffic view for Netflow-device.2 is not showing any details at all.
>
> Statistics relating to broadcast traffic on the local subnet of the ntop server are showing up fine under the summary traffic view for eth0.
>
> So I think the ASA side of the configuration is all working correctly, but I haven't got ntop configured right for netflow. I've read the docs, but not finding them clear enough for me.
>
> Can anyone give any pointers?
>
> Many thanks,
>
> Duncan
> --
> Duncan Drury
> International Operations Manager
> Christian Aid - www.christian-aid.org
>
> T: +44 20 7523 2068
> E: ddrury [at] christian-aid
> Skype: caid-ddrury
> --
>
>
> Christian Aid - East Africa Emergency Appeal.
>
> Help us respond to the food crisis in \East Africa. Donate via our
> website or give £5 by texting AFRICA to 70800
>
> Save paper, save trees and only print this email if you have to.
>
> Christian Aid is a charity and company limited by guarantee registered in England and Wales: 35 Lower Marsh, London SE1 7RL. UK registered charity no. 1105851. Company no. 5171525.
>
> Christian Aid also operates in Scotland: Registered Office: 41 George
> IV Bridge, Edinburgh, EH1 1EL. Charity no. SC039150
>
> Christian Aid Ireland is a charity and company limited by guarantee registered in Northern Ireland: Unit 6 Linden House, Beechill Business Park, Belfast, BT8 7QN. Northern Ireland charity no: XR94639. Company no. NI059154.
>
> Christian Aid Ireland is a registered charity and registered company limited by guarantee: 17 Clanwilliam Terrace, Dublin 2. Republic of Ireland charity no. CHY 6998. Company no. 426928.
>
> Christian Aid Trading Limited is a company limited by guarantee registered in England and Wales: 35 Lower Marsh, London SE1 7RL. Company no. 1001742.
> This e-mail has been scanned for viruses by Webroot.
>
> _______________________________________________
> Ntop mailing list
> Ntop [at] listgateway
> http://listgateway.unipi.it/mailman/listinfo/ntop
---
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it. - Brian W. Kernighan
_______________________________________________
Ntop mailing list
Ntop [at] listgateway
http://listgateway.unipi.it/mailman/listinfo/ntop
---------
This e-mail has been scanned for viruses by Webroot.
---------
Deliver hope, joy and essential medicine with our Christmas Appeal http://christmas.christianaid.org.uk/ . Give now to help save lives
---------
Save paper, save trees and only print this email if you have to.
---------
Christian Aid is a charity and company limited by guarantee registered in England and Wales: 35 Lower Marsh, London SE1 7RL. UK registered charity no. 1105851. Company no. 5171525.
Christian Aid also operates in Scotland: Registered Office: 41 George IV Bridge, Edinburgh, EH1 1EL. Charity no. SC039150
Christian Aid Ireland is a charity and company limited by guarantee registered in Northern Ireland: Unit 6 Linden House, Beechill Business Park, Belfast, BT8 7QN. Northern Ireland charity no: XR94639. Company no. NI059154.
Christian Aid Ireland is a registered charity and registered company limited by guarantee: 17 Clanwilliam Terrace, Dublin 2. Republic of Ireland charity no. CHY 6998. Company no. 426928.
Christian Aid Trading Limited is a company limited by guarantee registered in England and Wales: 35 Lower Marsh, London SE1 7RL. Company no. 1001742.
---------
This e-mail has been scanned for viruses by Webroot.
_______________________________________________
Ntop mailing list
Ntop [at] listgateway
http://listgateway.unipi.it/mailman/listinfo/ntop
|
